Lucene search

CERTVDECVELIST:CVE-2023-5592

HistoryDec 14, 2023 - 2:04 p.m.

CVE-2023-5592 Phoenix Contact: ProConOs prone to Download of Code Without Integrity Check

2023-12-1414:04:41

CWE-494

CERTVDE

www.cve.org

phoenix contact

proconos

download of code

integrity check

multiprog

eclr

remote attack

device

loss of integrity

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

36.3%

JSON

Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to download and execute applications without integrity checks on the device which may result in a complete loss of integrity.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MULTIPROG",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "ProConOS eCLR (SDK)",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  }
]

References

cert.vde.com/en/advisories/VDE-2023-054/

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

36.3%

JSON

Related for CVELIST:CVE-2023-5592